Split authentication methods for customers and agents

Have more questions? Submit a request


  • Jonathan N'Goran

    We have both SSO enabled for agents and customers. We want to use SAML for our agents and JWT for our customers. If we setup JWT to be the default mechanism, our Azure AD SAML integration is no longer working. When we setup JWT as default, logout url is no longer working for JWT. What should be the proper configuration?

  • Robin Frerichs

    Hey Jonathan!

    Great question, the trick is to enable both, make the one you want to use for end-users the primary one using the SSO switch that appears when you enable both SAML and JWT, and finally you create a button in your Help Center called "Sign in for agents" that will point to the Login URL for agents :)

  • Martin Meraner


    I do not get the following:

    1. Note:  you will not be able to select different SSO configurations for end-users vs. agents if you select SSO for both.

    We use ADFS, does this mean that I can only have one Relying party definition and that I have to send the role admin/agent/user via ADFS. So all values on both SSO (admin+agent, end user) settings under security have to be the same?



  • Anna Everson

    Hi Martin,

    You can set up SSO with ADFS (see this article if you haven't already) for both agents and end-users, and you can even map custom roles (more on that here.) You don't need to set up multiple relying party trust identifiers, you just need to be able to tell Zendesk which people are agents, either by sending that from ADFS when they log in or having a Zendesk admin set that manually in the agent interface. If you don't want to map roles from ADFS to Zendesk, users who sign in who don't exist yet in Zendesk will be marked end-users. The Zendesk security settings will be the same in this case for both agents and end-users.

    Hopefully I understood your question correctly. You can always send a ticket to support@zendesk.com if you need to talk more about your specific use-case.


  • Martin Meraner

    Hi, yes that totally explains it. Thanks for the clarification.


Please sign in to leave a comment.

Powered by Zendesk